Items Tagged with "Network Security"
October 09, 2012 Added by:Mikko Jakonen
How come banks are telling people to maintain their security better, without putting their OWN reputation and capabilities in line with the DIRECT consequences of the change paradigm towards ‘webalized’ approach we have witnessed for years, has now resulted as poor operational security...
October 09, 2012 Added by:Tripwire Inc
In the corporate world, we talk a lot about corporate goals & objectives. In the US Government, you hear a lot about “The Mission,” which is the unifying goal that ties an agency (or multiple agencies) together in a shared sense of purpose. I’m a big believer in connecting our actions as information security professionals to The Mission...
October 04, 2012 Added by:Jim Palazzolo
Is it the legal structure that makes it taboo, or the ambiguity of the target? What are the implications? Could a corporation accidentally set off a cyber flashpoint by attacking targets in other countries? And, is it an organization’s legal right, like an individual, to defend itself?
October 04, 2012 Added by:Brent Huston
Once we’ve embraced the fact that we need better detection and response mechanisms, we start to see how honeypots can help us but also how creating better awareness within our users can be the greatest investment an organization might make in detection...
October 03, 2012 Added by:Stephen Marchewitz
In order to mitigate this threat, ISPs will need to combine their efforts. It would take a global effort on the part of the ISPs. Until then, the capabilities are there to deal with the issue when it arises on a per incident basis...
October 01, 2012 Added by:Scot Terban
The cyberwar is upon us and we had best start taking it seriously because people in power are making plans, and like biological warfare, it seems perhaps there could be unforeseen circumstances that could trigger bigger and worse things. Plan accordingly and think a bit more cogently...
September 30, 2012 Added by:Rob Fuller
So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...
September 30, 2012 Added by:Rafal Los
Sticking to the basics wouldn't be such a bad thing in Security... if we had a clue on how to do the basics right. I know plenty of people who pentest all day every day and they'll be the first to tell you how easy it is to break in because defenses are so weak, if they exist at all...
September 27, 2012 Added by:Dan Dieterle
What would you do if the lights suddenly went out? Where would you get news from? Or more importantly water? Keep cool or get heat? Though many disregard warnings about critical infrastructure attacks what if the worst did happen, would you be prepared?
September 26, 2012 Added by:Rafal Los
Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...
September 26, 2012 Added by:Pierluigi Paganini
A possible Iranian cyber offensive against US banks has been discussed recently, and immediately denied by government of Teheran. Financial institutions are targets for a cyber attacks, as the banking system is a critical asset for a nation and its paralysis could damage economic activities...
September 25, 2012
We used the OSSTMM 3 so we could measure the Attack Surface. Even though, measuring the Attack Surface with RAVs seems complicated at first, it is actually pretty straight-forward once you understand the concepts. The results of this research can be found in this paper...
September 25, 2012 Added by:Richard Stiennon
The that firewalls do not provide value had its first incarnation in de-perimeterization. The idea is that because network security is so hard we should give up and focus on securing the endpoints and data that travels between them. In reality we have to defend four separate domains...
September 25, 2012 Added by:Andrew Case
This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...
September 24, 2012 Added by:f8lerror
You pop a box, get your meterpreter shell at the end of the day. You leave your shell, come back in the morning and find out the connection dropped because the system rebooted. Luckily @Carlos_Perez/Darkoperator made a persistence script that is included in Metasploit...
September 24, 2012 Added by:Michael Ligh
This post discusses the undocumented windows kernel data structures for desktop objects and desktop heaps. You'll see how to use memory forensics to detect recent malware including the ACCDFISA ransomware and Tigger variants...